Portal de Periódicos da CAPES

Protecting against DNS Reflection Attacks with Bloom Filters

2011; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-642-22424-9_1

1611-3349

Sebastiano Di Paola, Dario Lombardo,

Internet Traffic Analysis and Secure E-voting

Nowadays the DNS protocol is under the attention of the security community for its lack of security and for the flaws found in the last few years. In the Internet scenario, the reflection/amplification is the most common and nasty attack that requires very powerful and expensive hardware to be protected from. In this paper we propose a robust countermeasure against this type of threats based on Bloom filters. The proposed method is fast and not too eager of resources, and has a very low error rate, blocking 99.9% of attack packets. The mechanism has been implemented within a project by Telecom Italia S.p.A., named jdshape, based on Juniper Networks\(^{\textregistered}\) SDK.